cgroup/LXC: Do not condition availability of v2 by controllers

systemd in hybrid mode uses v1 hierarchies for controllers and v2 for
process tracking.

The LXC code uses virCgroupAddMachineProcess() to move processes into
appropriate cgroup by manipulating cgroupfs directly. (Note, despite
libvirt also supports talking to systemd directly via
org.freedesktop.machine1 API.)

If this path is taken, libvirt/lxc must convince systemd that processes
really belong to new cgroup, i.e. also the tracking v2 hierarchy must
undergo migration too.

The current check would evaluate v2 backend as unavailable with hybrid
mode (because there are no available controllers). Simplify the
condition and consider the mounted cgroup2 as sufficient to touch v2
hierarchy.

This consequently creates an issue with binding the V2 mount. In hybrid
mode the V2 filesystem may be mounted upon the V1 filesystem. By reversing
the order in which backends are mounted in virCgroupBindMount this problem
is circumvented.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/182
Signed-off-by: Eric van Blokland <mail@ericvanblokland.nl>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index a6a409af3dff6af4b8536abd2a0b6de74f1b2120..49ebd37dede36782c726b8e6befa2a7712726454 100644 (file)
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -2921,10 +2921,12 @@ int
 virCgroupBindMount(virCgroup *group, const char *oldroot,
                    const char *mountopts)
 {
-    size_t i;
+    ssize_t i;
     virCgroup *parent = virCgroupGetNested(group);
 
-    for (i = 0; i < VIR_CGROUP_BACKEND_TYPE_LAST; i++) {
+    /* In hybrid environments, V2 may be mounted over V1.
+     * Mount the backends in reverse order. */
+    for (i = VIR_CGROUP_BACKEND_TYPE_LAST - 1; i >= 0; i--) {
         if (parent->backends[i] &&
             parent->backends[i]->bindMount(parent, oldroot, mountopts) < 0) {
             return -1;

diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index 4c110940cf104a68898d67717192b246e5b4b29d..0e0c61d466cde858025478edac4871e10bf0473b 100644 (file)
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -75,22 +75,10 @@ virCgroupV2Available(void)
         if (STRNEQ(entry.mnt_type, "cgroup2"))
             continue;
 
-        /* Systemd uses cgroup v2 for process tracking but no controller is
-         * available. We should consider this configuration as cgroup v2 is
-         * not available. */
-        contFile = g_strdup_printf("%s/cgroup.controllers", entry.mnt_dir);
-
-        if (virFileReadAll(contFile, 1024 * 1024, &contStr) < 0)
-            goto cleanup;
-
-        if (STREQ(contStr, ""))
-            continue;
-
         ret = true;
         break;
     }
 
- cleanup:
     VIR_FORCE_FCLOSE(mounts);
     return ret;
 }